
Cloudflare mitigates biggest ever HTTPS DDoS attack

A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries

Cloudflare automatically detected and mitigated a 26 million request per second (rps) DDoS attack, which it claims is the largest HTTPS DDoS attack on record.

The attack targeted a customer website using Cloudflare’s Free plan last week, the company revealed. The attack originated mostly from Cloud Service Providers instead of Residential Internet Service Providers, which the company said indicates the use of hijacked virtual machines and powerful servers to generate the attack, instead of much weaker Internet of Things (IoT) devices.

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. Each node generated around 5,200 rps at peak. Cloudflare compared this to a larger botnet of 730,000 devices it has been tracking. The larger botnet wasn’t able to generate more than one million requests per second, which is around 1.3 requests per second on average per device. On average, the 26M rps botnet was 4,000 times stronger due to its use of virtual machines and servers.

The company added that it’s worth noting the attack was over HTTPS. “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection,” said Cloudflare. “Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”

In less than 30 seconds, the botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries. The top countries were Indonesia, the United States, Brazil and Russia, with about 3% of the attacks coming through Tor nodes. The top source networks were the French-based OVH, the Indonesian Telkomnet, the US-based iboss, and the Libyan Ajeel.

Cloudflare pointed out that its recent DDoS Trends report shows that most of the attacks are small, like cyber vandalism. However, even small attacks can severely impact unprotected Internet properties. It added that large attacks are growing in size and frequency, but remain short and rapid. Attackers concentrate their botnet’s power to try to wreak havoc with a single quick knockout blow, trying to avoid detection.

The company highlighted some of the record-breaking attacks it witnessed over the past year. In August 2021, it disclosed a 17.2M rps HTTP DDoS attack, and more recently in April 2022, a 15M rps HTTPS DDoS attack.
